VYPR
Unrated severityNVD Advisory· Published Sep 16, 2008· Updated Jun 16, 2026

CVE-2008-3950

CVE-2008-3950

Description

Off-by-one error in the _web_drawInRect:withFont:ellipsis:alignment:measureOnly function in WebKit in Safari in Apple iPhone 1.1.4 and 2.0 and iPod touch 1.1.4 and 2.0 allows remote attackers to cause a denial of service (browser crash) via a JavaScript alert call with an argument that lacks breakable characters and has a length that is a multiple of the memory page size, leading to an out-of-bounds read.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

8
  • Apple Inc./Safari2 versions
    cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
    • (no CPE)range: 1.1.4, 2.0
  • Apple Inc./iPhone3 versions
    cpe:2.3:h:apple:iphone:1.1.4:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:h:apple:iphone:1.1.4:*:*:*:*:*:*:*
    • cpe:2.3:h:apple:iphone:2.0:*:*:*:*:*:*:*
    • (no CPE)range: 1.1.4, 2.0
  • cpe:2.3:h:apple:ipod_touch:1.1.4:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:h:apple:ipod_touch:1.1.4:*:*:*:*:*:*:*
    • cpe:2.3:h:apple:ipod_touch:2.0:*:*:*:*:*:*:*
    • (no CPE)range: 1.1.4, 2.0

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.